Ley

**Name of the Vulnerable Software and Affected Versions** Prosody versions prior to 0.12.6 Prosody versions 1.0.0 through 13.0.4 **Description** An issue exists when the `mod proxy65` module is enabled. The `mod proxy65` module mishandles access control during a paused scenario, which can lead to the relaying of unauthenticated traffic. **Recommendations** Update to version 0.12.6 or later. Update to version 13.0.5 or later. As a temporary workaround, disable the `mod proxy65` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Prosody versions prior to 0.12.6 Prosody versions 1.0.0 through 13.0.4 **Description** When the `mod proxy65` module is enabled, a flaw in how access control is handled during the activation scenario allows for the relaying of unauthenticated traffic. **Recommendations** Update to version 0.12.6 or later. Update to version 13.0.5 or later. As a temporary workaround, disable the `mod proxy65` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Prosody versions prior to 0.12.6 Prosody versions 1.0.0 through 13.0.4 **Description** A Denial of Service can occur due to memory exhaustion resulting from memory leaks triggered by unauthenticated connections. **Recommendations** Update to version 0.12.6. Update to version 13.0.5.

**Name of the Vulnerable Software and Affected Versions** Prosody versions prior to 0.12.6 Prosody versions 1.0.0 through 13.0.4 **Description** A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections. **Recommendations** Update to version 0.12.6 or later. Update to version 13.0.5 or later.